How it works

The encryption service uses Key Vault to manage the secrets. To do this, we need an application in Azure AD that has permissions (set by a Key Vault Access Policy) to operate inside Key Vault.

This application is used whether you are just using BEK (BitLocker Encryption Key) or setting up KEK (Key Encryption Key) for Azure Backup support.

For KEK, a key must be imported or created in the Key Vault. You reference this key when running the commands.

Finally, the Backup Management Service needs permissions to access the Key Vault and the keys.

Image 1: Example of Secrets inside of Key Vault

Procedure

Please note: You will need a Key Vault before you can complete this procedure. The Key Vault must be in the same region as the VM that will be encrypted.

1. Set up an Azure AD Application

In Azure Active Directory, select App registrations and create a new app registration. Enter a Name, select Web app / API and assign a sign-on URL (you will not use this so a default entry is adequate).

Image 2: App Registration in Azure Active Directory

Make a note of the Application ID, then create an application Key and take note of it. Please note that the Key is displayed only once, after it is saved. After that it will be hidden.

2. Configure the permissions in the Key Vault for the new Azure AD Application

In the Key Vault set up an Access Policy for the new application.

Image 3: Setting up permissions in the Key Vault (an Access Policy)

Key Permissions need to be set to Wrap Key, Secret permissions to Set.
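The following added example (not part of the original article) checks an exported vault definition against the two requirements stated above: the vault is in the same region as the VM, and the application's Access Policy grants Wrap Key and Set. Flagging anything beyond those two permissions as excess is a least-privilege reading of step 2 and an assumption of this example, as are the JSON shape (modelled on `az keyvault show` output), the function name and all IDs. Note that an Access Policy identifies the application by its service principal object ID, not by the Application ID.

```python
import json

# Permissions that step 2 grants to the Azure AD application (compared case-insensitively).
REQUIRED = {"keys": {"wrapkey"}, "secrets": {"set"}}

# Constructed sample shaped like `az keyvault show` output; all IDs are placeholders.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "location": "westeurope",
  "properties": {
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-0000000000aa",
       "permissions": {"keys": ["wrapKey"], "secrets": ["set"]}},
      {"objectId": "00000000-0000-0000-0000-0000000000bb",
       "permissions": {"keys": ["wrapKey", "delete"], "secrets": ["set", "get"]}}
    ]
  }
}
""")


def audit_vault(vault, app_object_id, vm_location):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    # The procedure requires the vault and the VM to be in the same region.
    if vault["location"].lower() != vm_location.lower():
        findings.append(f"region mismatch: vault={vault['location']} vm={vm_location}")
    policies = [p for p in vault["properties"].get("accessPolicies", [])
                if p["objectId"].lower() == app_object_id.lower()]
    if not policies:
        return findings + ["no access policy for the application"]
    perms = policies[0].get("permissions", {})
    for kind in ("keys", "secrets", "certificates", "storage"):
        granted = {p.lower() for p in perms.get(kind) or []}
        required = REQUIRED.get(kind, set())
        for missing in sorted(required - granted):
            findings.append(f"missing {kind} permission: {missing}")
        for extra in sorted(granted - required):
            findings.append(f"excess {kind} permission: {extra}")
    return findings


if __name__ == "__main__":
    for oid in ("00000000-0000-0000-0000-0000000000aa",
                "00000000-0000-0000-0000-0000000000bb"):
        print(oid, audit_vault(SAMPLE_VAULT, oid, "westeurope") or "OK")
```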

Working with Azure in the enterprise means you will quickly want to create your own custom images. In this introductory article I will show you an example of how to create an image from an existing generalized image.

Please note:

This is utilising the ARM model and does not apply to Classic.

This assumes you have created a generalized image in Azure and know where it is!

This process does not consider on-premises VMs.

This process uses Windows images.

The following documents and articles were used to create the script below. Many thanks to the efforts and hard work of the authors.

There have been a number of blogs about the Windows 8 Metro look and feel, some positive, some negative. In my own experience, if you use the OS from a touch-enabled device the experience is good; try using a mouse and it is frustrating. No doubt it will be possible to switch between interfaces; however, what I would like to see is the intelligence in the operating system to detect the type of device you are using and then present the interface based on the result. Between devices, if the user choices and settings can be synced, then I think Microsoft will have a real winner. In my opinion, leave it up to admins to decide who gets what and when and force users to use an interface they are not happy with and the operating system will be rejected.
